How to combat ransomware: 4 pillars for Singapore firms
The ransomware threat is a rapidly growing problem that has the potential to disrupt and damage organizations and individuals around the world. At its core, ransomware is a type of malware that encrypts a victim’s data or computing device, threatening to keep it locked unless a ransom is paid to the attacker. This can be devastating for victims, who may be left without access to critical data or systems, and may feel pressure to pay the ransom in order to regain access.
This problem is compounded by the fact that ransomware attacks are often conducted across borders and jurisdictional lines, making it difficult for law enforcement to track and prosecute the perpetrators. The financial incentives for ransomware attacks are also significant, with attackers often demanding large ransoms and using sophisticated methods to launder the proceeds of their crimes.
To address this threat, the Singapore government has developed a four-pillar approach that focuses on strengthening the defenses of potential targets, disrupting the ransomware business model, supporting recovery efforts for victims, and collaborating with international partners. Together, these pillars represent a comprehensive strategy for addressing the complex and evolving threat of ransomware.
Four-pillar approach for Singapore firms to combat ransomware
Pillar 1: Improve the defenses of potential targets
The first pillar of defense is to beef up the security of potential targets, such as government agencies, critical information infrastructure, and businesses, especially small and medium-sized businesses, to make it more difficult for ransomware attackers to launch successful attacks.
To minimize the risks associated with a ransomware attack, organizations should consider implementing the following risk-mitigation measures:
- A sound credential management policy: This involves establishing clear guidelines for the creation, use, and protection of login credentials, such as passwords and user IDs. By ensuring that only authorized individuals have access to sensitive data and systems, organizations can reduce the risk of unauthorized access that could lead to a ransomware attack.
- Network segregation and segmentation: Dividing a network into smaller, isolated segments can help to prevent the spread of ransomware within an organization. This can be achieved through the use of firewalls, virtual private networks (VPNs), and other security measures that limit access to specific areas of the network.
- A robust offline backup system: By regularly backing up important data and systems, organizations can ensure that they have a copy that can be used to restore access in the event of a ransomware attack. It is important to store these backups offline, as they may otherwise be vulnerable to ransomware infection as well.
- A restoration plan: In the event of a ransomware attack, it is essential to have a plan in place for recovering key assets. This may involve paying the ransom demanded by the attackers, negotiating with them, or seeking assistance from cybersecurity professionals to try to restore access to the data without paying the ransom. By having a clear restoration plan in place, organizations can minimize the potential disruption caused by a ransomware attack and ensure the timely recovery of critical assets.
Pillar 2: Disrupt the ransomware business model to decrease the financial benefits of ransomware attacks.
Discourage ransom payments: One way to disrupt the ransomware business model is to discourage ransom payments. This would reduce the profits that ransomware attackers can expect to gain from setting up ransomware attacks.
The government strongly advises against paying ransoms and will continue to emphasize the risks and consequences of doing so. The CRTF (Cyber Risk Task Force) also recommends examining the effects of cyber insurance policies that cover ransom payments on the ransomware industry, and the potential impact if such coverage is prohibited.
Trace illegal movements of assets paid in ransom: Another way to disrupt the ransomware business model is to more effectively trace the illegal movements of assets paid in ransom (usually in cryptocurrency).
This would reduce the likelihood of ransomware attackers being able to evade ransom payments. One suggestion is to make it mandatory for organizations to report the payment of a ransom. This information is necessary for the government to track these illegal financial flows and recover ransom payments.
The government will also investigate enhancing our tracing capabilities through public-private partnerships.
Pillar 3: Support recovery to prevent victims of ransomware attacks from feeling pressured to pay the ransom, which fuels the ransomware industry.
a. Provide resources to victims: To support recovery from ransomware attacks, the CRTF recommends creating a one-stop portal for organizations to access all ransomware-related resources.
This portal would be aimed at victims of ransomware attacks seeking recovery support and would provide links to resources such as decryption keys and response checklists that could assist in recovery efforts after a ransomware attack.
It would also provide information on preventative measures such as CSA’s (Cyber Security Agency) Cyber Essentials cybersecurity toolkits and alerts and advisories relevant to ransomware.
b. Encourage cyber insurance: Another recommendation is to explore ways to increase the adoption of cyber insurance among organizations while the impact of covering ransom payments is being studied. Even if ransom payments are not covered, obtaining cyber insurance coverage for other potential costs arising from a cyber incident can still be a useful risk management practice.
It allows an organization to transfer and/or share the risks arising from a cyber incident with private commercial insurance companies and incentivize organizations to adopt better cybersecurity measures to meet the underwriting requirements.
Pillar 4: Collaborate with international partners to adopt a coordinated global approach to combating ransomware.
The CRTF has identified three specific areas in which Singapore should focus on and contribute to efforts to foster international cooperation:
- Law enforcement: To bring ransomware attackers to justice and deny these criminals safe-havens, the CRTF recommends exploring ways to expedite cross-border law enforcement collaboration on a bilateral or plurilateral basis, such as an international framework for information exchange and interdiction of ransom payments.
- Anti-money laundering measures: The ransomware threat has highlighted the need to address regulatory gaps so that illicit ransom flows can be traced and the abuse of virtual assets stopped. The CRTF recommends that Singapore continue to work with international counterparts toward timely and consistent implementation of FATF (Financial Action Task Force) standards on combating money laundering and the financing of terrorism and proliferation.
- Discourage ransom payments: Without international alignment on insurance policies covering ransom payments, any attempt to discourage these within our domestic market will be ineffective as businesses can easily turn to insurance providers overseas to buy insurance policies. A key recommendation is to work with international partners to study the effects of insurance policies covering ransom payments on the ransomware industry.
Ransomware is a significant issue that has grown in both scale and impact, affecting countries worldwide, including Singapore. It is a particularly pressing problem due to its international nature, as attackers often operate across borders and jurisdictional lines in order to evade justice.
Ransomware attacks have become lucrative for criminals, who offer a range of services, including unauthorized access to targeted networks and money laundering services. With the four pillar approach, it is hoped that these could be disrupted for benefit and safety of all firms in Singapore.
A data protection officer (DPO) can play a critical role in helping to prevent ransomware attacks and minimize their impact. Some specific ways a DPO can help include:
- Developing and implementing data protection policies and procedures: A DPO can work with an organization to develop and implement policies and procedures that help to protect against ransomware attacks. This might include regularly backing up data, implementing security measures such as firewalls and antivirus software, and training employees on how to recognize and avoid phishing scams.
- Monitoring and detecting ransomware attacks: A DPO can work with an organization’s IT team to monitor for potential ransomware attacks and implement systems to detect them quickly. This might include monitoring for unusual network activity or monitoring for attempts to access certain data.
- Responding to ransomware attacks: If a ransomware attack does occur, a DPO can help an organization to quickly and effectively respond to the attack. This might include working with the IT team to restore data from backups, negotiating with the attackers to try to get the ransom reduced or waived, and communicating with relevant stakeholders about the attack.
By taking these steps, a DPO can help an organization to better protect itself against ransomware attacks and minimize their impact when they do occur.
Don’t risk a 5-7 figure financial penalty – protect your organisation with our trusted outsourced Data Protection Officer service. With over 300 satisfied clients in Singapore, we’re the experts you can count on to help you be PDPA compliant and safeguard the personal data in your possession. Apply for a non-obligatory PDPA compliance consultation today: https://www.privacy.com.sg/outsourced-data-protection-officer-dpo-service/